2 * Copyright (C) 1998 Free Software Foundation, Inc.
4 * This file is part of GNUPG.
6 * GNUPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GNUPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
28 #include <sys/types.h>
45 #define MAX_CERT_DEPTH 5
47 #if MAX_FINGERPRINT_LEN > 20
48 #error Must change structure of trustdb
51 struct local_id_item {
52 struct local_id_item *next;
57 struct local_id_table {
58 struct local_id_table *next; /* only used to keep a list of unused tables */
59 struct local_id_item *items[16];
63 typedef struct local_id_table *LOCAL_ID_TABLE;
66 typedef struct trust_info TRUST_INFO;
69 byte otrust; /* ownertrust (assigned trust) */
70 byte trust; /* calculated trust (validity) */
73 typedef struct trust_seg_list *TRUST_SEG_LIST;
74 struct trust_seg_list {
82 struct recno_list_struct {
83 struct recno_list_struct *next;
87 typedef struct recno_list_struct *RECNO_LIST;
90 static int walk_sigrecs( SIGREC_CONTEXT *c );
92 static LOCAL_ID_TABLE new_lid_table(void);
93 static void release_lid_table( LOCAL_ID_TABLE tbl );
94 static int ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag );
95 static int qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag );
97 static void print_user_id( const char *text, u32 *keyid );
98 static int list_sigs( ulong pubkey_id );
99 static int do_check( TRUSTREC *drec, unsigned *trustlevel );
100 static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
102 static void upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig );
103 static void upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
104 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck,
105 TRUSTREC *urec, const byte *uidhash, int revoke );
108 /* a table used to keep track of ultimately trusted keys
109 * which are the ones from our secrings */
110 static LOCAL_ID_TABLE ultikey_table;
112 /* list of unused lid items and tables */
113 static LOCAL_ID_TABLE unused_lid_tables;
114 static struct local_id_item *unused_lid_items;
117 #define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
118 (a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
122 /**********************************************
123 *********** record read write **************
124 **********************************************/
130 "The trust DB is corrupted; please run \"gpgm --fix-trust-db\".\n") );
135 * Read a record but die if it does not exist
138 read_record( ulong recno, TRUSTREC *rec, int rectype )
140 int rc = tdbio_read_record( recno, rec, rectype );
143 log_error(_("trust record %lu, req type %d: read failed: %s\n"),
144 recno, rectype, g10_errstr(rc) );
150 * Wirte a record but die on error
153 write_record( TRUSTREC *rec )
155 int rc = tdbio_write_record( rec );
158 log_error(_("trust record %lu, type %d: write failed: %s\n"),
159 rec->recnum, rec->rectype, g10_errstr(rc) );
164 * Delete a record but die on error
167 delete_record( ulong recno )
169 int rc = tdbio_delete_record( recno );
172 log_error(_("trust record %lu: delete failed: %s\n"),
173 recno, g10_errstr(rc) );
183 int rc = tdbio_sync();
186 log_error(_("trust db: sync failed: %s\n"), g10_errstr(rc) );
192 /**********************************************
193 ************* list helpers *******************
194 **********************************************/
197 * Insert a new item into a recno list
200 ins_recno_list( RECNO_LIST *head, ulong recno, int type )
202 RECNO_LIST item = m_alloc( sizeof *item );
211 qry_recno_list( RECNO_LIST list, ulong recno, int type )
213 for( ; list; list = list->next ) {
214 if( list->recno == recno && (!type || list->type == type) )
222 rel_recno_list( RECNO_LIST *head )
226 for(r = *head; r; r = r2 ) {
233 static LOCAL_ID_TABLE
238 a = unused_lid_tables;
240 unused_lid_tables = a->next;
241 memset( a, 0, sizeof *a );
244 a = m_alloc_clear( sizeof *a );
249 release_lid_table( LOCAL_ID_TABLE tbl )
251 struct local_id_item *a, *a2;
254 for(i=0; i < 16; i++ ) {
255 for(a=tbl->items[i]; a; a = a2 ) {
257 a->next = unused_lid_items;
258 unused_lid_items = a;
261 tbl->next = unused_lid_tables;
262 unused_lid_tables = tbl;
266 * Add a new item to the table or return 1 if we already have this item
269 ins_lid_table_item( LOCAL_ID_TABLE tbl, ulong lid, unsigned flag )
271 struct local_id_item *a;
273 for( a = tbl->items[lid & 0x0f]; a; a = a->next )
276 a = unused_lid_items;
278 unused_lid_items = a->next;
280 a = m_alloc( sizeof *a );
283 a->next = tbl->items[lid & 0x0f];
284 tbl->items[lid & 0x0f] = a;
289 qry_lid_table_flag( LOCAL_ID_TABLE tbl, ulong lid, unsigned *flag )
291 struct local_id_item *a;
293 for( a = tbl->items[lid & 0x0f]; a; a = a->next )
294 if( a->lid == lid ) {
305 * Return the keyid from the primary key identified by LID.
308 keyid_from_lid( ulong lid, u32 *keyid )
313 rc = tdbio_read_record( lid, &rec, 0 );
315 log_error(_("error reading dir record for LID %lu: %s\n"),
316 lid, g10_errstr(rc));
317 return G10ERR_TRUSTDB;
319 if( rec.rectype == RECTYPE_SDIR )
321 if( rec.rectype != RECTYPE_DIR ) {
322 log_error(_("lid %lu: expected dir record, got type %d\n"),
324 return G10ERR_TRUSTDB;
326 if( !rec.r.dir.keylist ) {
327 log_error(_("no primary key for LID %lu\n"), lid );
328 return G10ERR_TRUSTDB;
330 rc = tdbio_read_record( rec.r.dir.keylist, &rec, RECTYPE_KEY );
332 log_error(_("error reading primary key for LID %lu: %s\n"),
333 lid, g10_errstr(rc));
334 return G10ERR_TRUSTDB;
336 keyid_from_fingerprint( rec.r.key.fingerprint, rec.r.key.fingerprint_len,
344 lid_from_keyblock( KBNODE keyblock )
346 KBNODE node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
350 pk = node->pkt->pkt.public_key;
351 if( !pk->local_id ) {
354 get_dir_record( pk, &rec );
362 * Walk through the signatures of a public key.
363 * The caller must provide a context structure, with all fields set
364 * to zero, but the local_id field set to the requested key;
365 * This function does not change this field. On return the context
366 * is filled with the local-id of the signature and the signature flag.
367 * No fields should be changed (clearing all fields and setting
368 * pubkeyid is okay to continue with an other pubkey)
369 * Returns: 0 - okay, -1 for eof (no more sigs) or any other errorcode
372 walk_sigrecs( SIGREC_CONTEXT *c )
380 if( !c->ctl.init_done ) {
381 c->ctl.init_done = 1;
382 read_record( c->lid, r, 0 );
383 if( r->rectype != RECTYPE_DIR ) {
385 return -1; /* return eof */
387 c->ctl.nextuid = r->r.dir.uidlist;
389 c->ctl.index = SIGS_PER_RECORD;
393 /* need a loop to skip over deleted sigs */
395 if( c->ctl.index >= SIGS_PER_RECORD ) { /* read the record */
396 rnum = r->r.sig.next;
397 if( !rnum && c->ctl.nextuid ) { /* read next uid record */
398 read_record( c->ctl.nextuid, r, RECTYPE_UID );
399 c->ctl.nextuid = r->r.uid.next;
400 rnum = r->r.uid.siglist;
404 return -1; /* return eof */
406 read_record( rnum, r, RECTYPE_SIG );
407 if( r->r.sig.lid != c->lid ) {
408 log_error(_("chained sigrec %lu has a wrong owner\n"), rnum );
414 } while( !r->r.sig.sig[c->ctl.index++].lid );
416 c->sig_lid = r->r.sig.sig[c->ctl.index-1].lid;
417 c->sig_flag = r->r.sig.sig[c->ctl.index-1].flag;
424 /***********************************************
425 ************* Trust stuff ******************
426 ***********************************************/
430 * Verify that all our public keys are in the trustDB.
436 void *enum_context = NULL;
437 PKT_secret_key *sk = m_alloc_clear( sizeof *sk );
438 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
441 while( !(rc=enum_secret_keys( &enum_context, sk, 0 ) ) ) {
442 keyid_from_sk( sk, keyid );
445 log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
447 if( is_secret_key_protected( sk ) < 1 )
448 log_info(_("NOTE: secret key %08lX is NOT protected.\n"),
451 /* see whether we can access the public key of this secret key */
452 memset( pk, 0, sizeof *pk );
453 rc = get_pubkey( pk, keyid );
455 log_info(_("key %08lX: secret key without public key - skipped\n"),
460 if( cmp_public_secret_key( pk, sk ) ) {
461 log_info(_("key %08lX: secret and public key don't match\n"),
466 /* make sure that the pubkey is in the trustdb */
467 rc = query_trust_record( pk );
468 if( rc == -1 ) { /* put it into the trustdb */
469 rc = insert_trust_record( pk );
471 log_error(_("key %08lX: can't put it into the trustdb\n"),
477 log_error(_("key %08lX: query record failed\n"), (ulong)keyid[1] );
483 log_debug("key %08lX.%lu: stored into ultikey_table\n",
484 (ulong)keyid[1], pk->local_id );
485 if( ins_lid_table_item( ultikey_table, pk->local_id, 0 ) )
486 log_error(_("key %08lX: already in secret key table\n"),
488 else if( opt.verbose > 1 )
489 log_info(_("key %08lX: accepted as secret key.\n"),
492 release_secret_key_parts( sk );
493 release_public_key_parts( pk );
496 log_error(_("enumerate secret keys failed: %s\n"), g10_errstr(rc) );
500 enum_secret_keys( &enum_context, NULL, 0 ); /* free context */
501 free_secret_key( sk );
502 free_public_key( pk );
508 print_user_id( const char *text, u32 *keyid )
513 p = get_user_id( keyid, &n );
515 fputs( text, stdout);
519 print_string( stdout, p, n, 0 );
527 print_keyid( FILE *fp, ulong lid )
530 if( keyid_from_lid( lid, ki ) )
531 return fprintf(fp, "????????.%lu", lid );
533 return fprintf(fp, "%08lX.%lu", (ulong)ki[1], lid );
537 print_trust( FILE *fp, unsigned trust )
541 case TRUST_UNKNOWN: c = 'o'; break;
542 case TRUST_EXPIRED: c = 'e'; break;
543 case TRUST_UNDEFINED: c = 'q'; break;
544 case TRUST_NEVER: c = 'n'; break;
545 case TRUST_MARGINAL: c = 'm'; break;
546 case TRUST_FULLY: c = 'f'; break;
547 case TRUST_ULTIMATE: c = 'u'; break;
548 default: fprintf(fp, "%02x", trust ); return 2;
556 print_sigflags( FILE *fp, unsigned flags )
558 if( flags & SIGF_CHECKED ) {
560 (flags & SIGF_VALID) ? 'V':'-',
561 (flags & SIGF_EXPIRED) ? 'E':'-',
562 (flags & SIGF_REVOKED) ? 'R':'-');
564 else if( flags & SIGF_NOPUBKEY)
571 /* (a non-recursive algorithm would be easier) */
573 do_list_sigs( ulong root, ulong pk_lid, int depth,
574 LOCAL_ID_TABLE lids, unsigned *lineno )
580 memset( &sx, 0, sizeof sx );
583 rc = walk_sigrecs( &sx ); /* should we replace it and use */
584 if( rc ) /* use a loop like in collect_paths ??*/
586 rc = keyid_from_lid( sx.sig_lid, keyid );
588 printf("%6u: %*s????????.%lu:", *lineno, depth*4, "", sx.sig_lid );
589 print_sigflags( stdout, sx.sig_flag );
594 printf("%6u: %*s%08lX.%lu:", *lineno, depth*4, "",
595 (ulong)keyid[1], sx.sig_lid );
596 print_sigflags( stdout, sx.sig_flag );
598 /* check whether we already checked this pk_lid */
599 if( !qry_lid_table_flag( ultikey_table, sx.sig_lid, NULL ) ) {
600 print_user_id("[ultimately trusted]", keyid);
603 else if( sx.sig_lid == pk_lid ) {
604 printf("[self-signature]\n");
607 else if( sx.sig_lid == root ) {
608 printf("[closed]\n");
611 else if( ins_lid_table_item( lids, sx.sig_lid, *lineno ) ) {
613 qry_lid_table_flag( lids, sx.sig_lid, &refline );
614 printf("[see line %u]\n", refline);
617 else if( depth+1 >= MAX_LIST_SIGS_DEPTH ) {
618 print_user_id( "[too deeply nested]", keyid );
622 print_user_id( "", keyid );
624 rc = do_list_sigs( root, sx.sig_lid, depth+1, lids, lineno );
630 return rc==-1? 0 : rc;
634 * List all signatures of a public key
637 list_sigs( ulong pubkey_id )
644 rc = keyid_from_lid( pubkey_id, keyid );
647 printf("Signatures of %08lX.%lu ", (ulong)keyid[1], pubkey_id );
648 print_user_id("", keyid);
649 printf("----------------------\n");
651 lids = new_lid_table();
652 rc = do_list_sigs( pubkey_id, pubkey_id, 0, lids, &lineno );
654 release_lid_table(lids);
659 * List all records of a public key
662 list_records( ulong lid )
665 TRUSTREC dr, ur, rec;
668 rc = tdbio_read_record( lid, &dr, RECTYPE_DIR );
670 log_error(_("lid %lu: read dir record failed: %s\n"),
671 lid, g10_errstr(rc));
674 tdbio_dump_record( &dr, stdout );
676 for( recno=dr.r.dir.keylist; recno; recno = rec.r.key.next ) {
677 rc = tdbio_read_record( recno, &rec, 0 );
679 log_error(_("lid %lu: read key record failed: %s\n"),
680 lid, g10_errstr(rc));
683 tdbio_dump_record( &rec, stdout );
686 for( recno=dr.r.dir.uidlist; recno; recno = ur.r.uid.next ) {
687 rc = tdbio_read_record( recno, &ur, RECTYPE_UID );
689 log_error(_("lid %lu: read uid record failed: %s\n"),
690 lid, g10_errstr(rc));
693 tdbio_dump_record( &ur, stdout );
694 /* preference records */
695 for(recno=ur.r.uid.prefrec; recno; recno = rec.r.pref.next ) {
696 rc = tdbio_read_record( recno, &rec, RECTYPE_PREF );
698 log_error(_("lid %lu: read pref record failed: %s\n"),
699 lid, g10_errstr(rc));
702 tdbio_dump_record( &rec, stdout );
705 for(recno=ur.r.uid.siglist; recno; recno = rec.r.sig.next ) {
706 rc = tdbio_read_record( recno, &rec, RECTYPE_SIG );
708 log_error(_("lid %lu: read sig record failed: %s\n"),
709 lid, g10_errstr(rc));
712 tdbio_dump_record( &rec, stdout );
716 /* add cache record dump here */
727 * stack is an array of (max_path+1) elements. If trust_seg_head is not
728 * NULL it is a pointer to a variable which will receive a linked list
729 * of trust paths - The caller has to free the memory.
732 collect_paths( int depth, int max_depth, int all, TRUSTREC *drec,
733 TRUST_INFO *stack, TRUST_SEG_LIST *trust_seg_head )
738 LOCAL_ID_TABLE sigs_seen = NULL;
740 if( depth >= max_depth ) /* max cert_depth reached */
741 return TRUST_UNDEFINED;
744 for(i=0; i < depth; i++ )
745 if( stack[i].lid == drec->r.dir.lid )
746 return TRUST_UNDEFINED; /* closed (we already visited this lid) */
749 stack[depth].lid = drec->r.dir.lid;
750 stack[depth].otrust = drec->r.dir.ownertrust;
751 stack[depth].trust = 0;
752 if( !qry_lid_table_flag( ultikey_table, drec->r.dir.lid, NULL ) ) {
753 /* we are at the end of a path */
757 stack[depth].trust = TRUST_ULTIMATE;
758 if( trust_seg_head ) {
759 /* we can now put copy our current stack to the trust_seg_list */
760 tsl = m_alloc( sizeof *tsl + (depth+1)*sizeof( TRUST_INFO ) );
761 for(i=0; i <= depth; i++ )
762 tsl->path[i] = stack[i];
764 tsl->next = *trust_seg_head;
765 *trust_seg_head = tsl;
767 return TRUST_ULTIMATE;
770 /* loop over all user-ids */
772 sigs_seen = new_lid_table();
773 for( rn = drec->r.dir.uidlist; rn; rn = uidrn ) {
774 TRUSTREC rec; /* used for uids and sigs */
777 read_record( rn, &rec, RECTYPE_UID );
778 uidrn = rec.r.uid.next;
779 if( !(rec.r.uid.uidflags & UIDF_CHECKED) )
780 continue; /* user id has not been checked */
781 if( !(rec.r.uid.uidflags & UIDF_VALID) )
782 continue; /* user id is not valid */
783 if( (rec.r.uid.uidflags & UIDF_REVOKED) )
784 continue; /* user id has been revoked */
786 /* loop over all signature records */
787 for( rn = rec.r.uid.siglist; rn; rn = sigrn ) {
790 read_record( rn, &rec, RECTYPE_SIG );
791 sigrn = rec.r.sig.next;
793 for(i=0; i < SIGS_PER_RECORD; i++ ) {
797 if( !rec.r.sig.sig[i].lid )
798 continue; /* skip deleted sigs */
799 if( !(rec.r.sig.sig[i].flag & SIGF_CHECKED) )
800 continue; /* skip unchecked signatures */
801 if( !(rec.r.sig.sig[i].flag & SIGF_VALID) )
802 continue; /* skip invalid signatures */
803 if( (rec.r.sig.sig[i].flag & SIGF_EXPIRED) )
804 continue; /* skip expired signatures */
805 if( (rec.r.sig.sig[i].flag & SIGF_REVOKED) )
806 continue; /* skip revoked signatures */
808 /* visit every signer only once (a signer may have
809 * signed multizple user IDs */
810 if( sigs_seen && ins_lid_table_item( sigs_seen,
811 rec.r.sig.sig[i].lid, 0) )
812 continue; /* we alread have this one */
814 read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
815 if( tmp.rectype != RECTYPE_DIR ) {
816 log_info("oops: lid %lu: sig %lu has rectype %d"
818 drec->r.dir.lid, tmp.recnum, tmp.rectype );
821 ot = tmp.r.dir.ownertrust & TRUST_MASK;
822 if( ot >= TRUST_FULLY )
823 ot = TRUST_FULLY; /* just in case */
824 nt = collect_paths( depth+1, max_depth, all, &tmp, stack,
828 if( nt < TRUST_MARGINAL ) {
832 if( nt == TRUST_ULTIMATE ) {
833 /* we have signed this key and only in this special case
834 * we assume that this one is fully trusted */
837 release_lid_table( sigs_seen );
838 return (stack[depth].trust = TRUST_FULLY);
842 if( nt >= TRUST_FULLY )
844 if( nt >= TRUST_MARGINAL )
847 if( fully >= opt.completes_needed
848 || marginal >= opt.marginals_needed ) {
851 release_lid_table( sigs_seen );
852 return (stack[depth].trust = TRUST_FULLY);
859 release_lid_table( sigs_seen );
860 if( all && ( fully >= opt.completes_needed
861 || marginal >= opt.marginals_needed ) ) {
862 return (stack[depth].trust = TRUST_FULLY );
865 return (stack[depth].trust = TRUST_MARGINAL);
867 return (stack[depth].trust=TRUST_UNDEFINED);
872 * Given the directory record of a key, check whether we can
873 * find a path to an ultimately trusted key. We do this by
874 * checking all key signatures up to a some depth.
877 verify_key( int max_depth, TRUSTREC *drec )
879 TRUST_INFO *tmppath = m_alloc_clear( (max_depth+1)* sizeof *tmppath );
882 tr = collect_paths( 0, max_depth, 0, drec, tmppath, NULL );
891 * we have the pubkey record and all needed informations are in the trustdb
892 * but nothing more is known.
895 do_check( TRUSTREC *dr, unsigned *trustlevel )
897 if( !dr->r.dir.keylist ) {
898 log_error(_("Ooops, no keys\n"));
899 return G10ERR_TRUSTDB;
901 if( !dr->r.dir.uidlist ) {
902 log_error(_("Ooops, no user ids\n"));
903 return G10ERR_TRUSTDB;
906 *trustlevel = verify_key( MAX_CERT_DEPTH, dr );
908 if( dr->r.dir.dirflags & DIRF_REVOKED )
909 *trustlevel |= TRUST_FLAG_REVOKED;
916 * Perform some checks over the trustdb
917 * level 0: only open the db
918 * 1: used for initial program startup
921 init_trustdb( int level, const char *dbname )
926 ultikey_table = new_lid_table();
928 if( !level || level==1 ) {
929 rc = tdbio_set_dbname( dbname, !!level );
935 /* verify that our own keys are in the trustDB
936 * or move them to the trustdb. */
937 rc = verify_own_keys();
939 /* should we check whether there is no other ultimately trusted
940 * key in the database? */
951 list_trustdb( const char *username )
955 if( username && *username == '#' ) {
957 ulong lid = atoi(username+1);
959 if( (rc = list_records( lid)) )
960 log_error(_("user '%s' read problem: %s\n"),
961 username, g10_errstr(rc));
962 else if( (rc = list_sigs( lid )) )
963 log_error(_("user '%s' list problem: %s\n"),
964 username, g10_errstr(rc));
966 else if( username ) {
967 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
970 if( (rc = get_pubkey_byname( NULL, pk, username, NULL )) )
971 log_error(_("user '%s' not found: %s\n"), username, g10_errstr(rc) );
972 else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
973 log_error(_("problem finding '%s' in trustdb: %s\n"),
974 username, g10_errstr(rc));
976 log_error(_("user '%s' not in trustdb\n"), username);
977 else if( (rc = list_records( pk->local_id)) )
978 log_error(_("user '%s' read problem: %s\n"),
979 username, g10_errstr(rc));
980 else if( (rc = list_sigs( pk->local_id )) )
981 log_error(_("user '%s' list problem: %s\n"),
982 username, g10_errstr(rc));
983 free_public_key( pk );
989 printf("TrustDB: %s\n", tdbio_get_dbname() );
990 for(i=9+strlen(tdbio_get_dbname()); i > 0; i-- )
993 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ )
994 tdbio_dump_record( &rec, stdout );
999 * Print a list of all defined owner trust value.
1011 printf(_("# List of assigned trustvalues, created %s\n"
1012 "# (Use \"gpgm --import-ownertrust\" to restore them)\n"),
1013 asctimestamp( make_timestamp() ) );
1014 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
1015 if( rec.rectype == RECTYPE_DIR ) {
1016 if( !rec.r.dir.keylist ) {
1017 log_error(_("directory record w/o primary key\n"));
1020 if( !rec.r.dir.ownertrust )
1022 rc = tdbio_read_record( rec.r.dir.keylist, &rec2, RECTYPE_KEY);
1024 log_error(_("error reading key record: %s\n"), g10_errstr(rc));
1027 p = rec2.r.key.fingerprint;
1028 for(i=0; i < rec2.r.key.fingerprint_len; i++, p++ )
1029 printf("%02X", *p );
1030 printf(":%u:\n", (unsigned)rec.r.dir.ownertrust );
1037 import_ownertrust( const char *fname )
1046 if( !fname || (*fname == '-' && !fname[1]) ) {
1051 else if( !(fp = fopen( fname, "r" )) ) {
1052 log_error_f(fname, _("can't open file: %s\n"), strerror(errno) );
1056 while( fgets( line, DIM(line)-1, fp ) ) {
1060 if( !*line || *line == '#' )
1063 if( line[n-1] != '\n' ) {
1064 log_error_f(fname, _("line to long\n") );
1065 /* ... or last line does not have a LF */
1066 break; /* can't continue */
1068 for(p = line; *p && *p != ':' ; p++ )
1072 log_error_f(fname, _("error: missing colon\n") );
1076 if( fprlen != 32 && fprlen != 40 ) {
1077 log_error_f(fname, _("error: invalid fingerprint\n") );
1080 if( sscanf(p, ":%u:", &otrust ) != 1 ) {
1081 log_error_f(fname, _("error: no ownertrust value\n") );
1085 continue; /* no otrust defined - no need to update or insert */
1086 /* convert the ascii fingerprint to binary */
1087 for(p=line, fprlen=0; *p != ':'; p += 2 )
1088 line[fprlen++] = HEXTOBIN(p[0]) * 16 + HEXTOBIN(p[1]);
1092 rc = tdbio_search_dir_byfpr( line, fprlen, 0, &rec );
1093 if( !rc ) { /* found: update */
1094 if( rec.r.dir.ownertrust )
1095 log_info(_("LID %lu: changing trust from %u to %u\n"),
1096 rec.r.dir.lid, rec.r.dir.ownertrust, otrust );
1098 log_info(_("LID %lu: setting trust to %u\n"),
1099 rec.r.dir.lid, otrust );
1100 rec.r.dir.ownertrust = otrust;
1101 write_record( &rec );
1103 else if( rc == -1 ) { /* not found; get the key from the ring */
1104 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1106 log_info_f(fname, _("key not in trustdb, searching ring.\n"));
1107 rc = get_pubkey_byfprint( pk, line, fprlen );
1109 log_info_f(fname, _("key not in ring: %s\n"), g10_errstr(rc));
1111 rc = query_trust_record( pk ); /* only as assertion */
1113 log_error_f(fname, _("Oops: key is now in trustdb???\n"));
1115 rc = insert_trust_record( pk );
1117 goto repeat; /* update the ownertrust */
1118 log_error_f(fname, _("insert trust record failed: %s\n"),
1124 log_error_f(fname, _("error finding dir record: %s\n"),
1128 log_error_f(fname, _("read error: %s\n"), strerror(errno) );
1138 print_path( int pathlen, TRUST_INFO *path )
1143 fputs("path:", stdout);
1144 for( i = 0; i < pathlen; i++ ) {
1146 fputs(" ", stdout );
1147 rc = keyid_from_lid( path[i].lid, keyid );
1149 printf(" ????????.%lu:", path[i].lid );
1151 printf(" %08lX.%lu:", (ulong)keyid[1], path[i].lid );
1152 print_sigflags( stdout, path[i].otrust );
1160 list_trust_path( int max_depth, const char *username )
1165 TRUST_INFO *tmppath;
1166 TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
1167 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1169 if( max_depth < 0 ) {
1171 max_depth = -max_depth;
1174 if( (rc = get_pubkey_byname(NULL, pk, username, NULL )) )
1175 log_error(_("user '%s' not found: %s\n"), username, g10_errstr(rc) );
1176 else if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 )
1177 log_error(_("problem finding '%s' in trustdb: %s\n"),
1178 username, g10_errstr(rc));
1179 else if( rc == -1 ) {
1180 log_info(_("user '%s' not in trustdb - inserting\n"), username);
1181 rc = insert_trust_record( pk );
1183 log_error(_("failed to put '%s' into trustdb: %s\n"),
1184 username, g10_errstr(rc));
1186 assert( pk->local_id );
1189 free_public_key( pk );
1191 /* collect the paths */
1192 tmppath = m_alloc_clear( (max_depth+1)* sizeof *tmppath );
1193 trust_seg_list = NULL;
1194 collect_paths( 0, max_depth, 1, &rec, tmppath, &trust_seg_list );
1196 /* and now print them */
1197 for(tsl = trust_seg_list; tsl; tsl = tsl->next ) {
1198 print_path( tsl->pathlen, tsl->path );
1201 /* release the list */
1202 for(tsl = trust_seg_list; tsl; tsl = tsl2 ) {
1206 trust_seg_list = NULL;
1211 * Check the complete trustdb or only the entries for the given username.
1212 * We check the complete database and recalculate all flags.
1215 check_trustdb( const char *username )
1218 KBNODE keyblock = NULL;
1223 rc = find_keyblock_byname( &kbpos, username );
1225 rc = read_keyblock( &kbpos, &keyblock );
1227 log_error(_("%s: keyblock read problem: %s\n"),
1228 username, g10_errstr(rc));
1233 rc = update_trust_record( keyblock, 0, &modified );
1234 if( rc == -1 ) { /* not yet in trustdb: insert */
1235 rc = insert_trust_record(
1236 find_kbnode( keyblock, PKT_PUBLIC_KEY
1237 ) ->pkt->pkt.public_key );
1241 log_error(_("%s: update failed: %s\n"),
1242 username, g10_errstr(rc) );
1244 log_info(_("%s: updated\n"), username );
1246 log_info(_("%s: okay\n"), username );
1249 release_kbnode( keyblock ); keyblock = NULL;
1253 ulong count=0, upd_count=0, err_count=0, skip_count=0;
1255 for(recnum=0; !tdbio_read_record( recnum, &rec, 0); recnum++ ) {
1256 if( rec.rectype == RECTYPE_DIR ) {
1260 if( !rec.r.dir.keylist ) {
1261 log_info(_("lid %lu: dir record w/o key - skipped\n"),
1268 read_record( rec.r.dir.keylist, &tmp, RECTYPE_KEY );
1270 rc = get_keyblock_byfprint( &keyblock,
1271 tmp.r.key.fingerprint,
1272 tmp.r.key.fingerprint_len );
1274 log_error(_("lid %lu: keyblock not found: %s\n"),
1275 recnum, g10_errstr(rc) );
1281 rc = update_trust_record( keyblock, 0, &modified );
1283 log_error(_("lid %lu: update failed: %s\n"),
1284 recnum, g10_errstr(rc) );
1287 else if( modified ) {
1289 log_info(_("lid %lu: updated\n"), recnum );
1292 else if( opt.verbose > 1 )
1293 log_info(_("lid %lu: okay\n"), recnum );
1295 release_kbnode( keyblock ); keyblock = NULL;
1296 if( !(++count % 100) )
1297 log_info(_("%lu keys so far processed\n"), count);
1300 log_info(_("%lu keys processed\n"), count);
1302 log_info(_("\t%lu keys skipped\n"), skip_count);
1304 log_info(_("\t%lu keys with errors\n"), err_count);
1306 log_info(_("\t%lu keys updated\n"), upd_count);
1312 * Put new entries from the pubrings into the trustdb.
1313 * This function honors the sig flags to speed up the check.
1318 KBNODE keyblock = NULL;
1322 rc = enum_keyblocks( 0, &kbpos, &keyblock );
1324 ulong count=0, upd_count=0, err_count=0, new_count=0;
1326 while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
1329 rc = update_trust_record( keyblock, 1, &modified );
1330 if( rc == -1 ) { /* not yet in trustdb: insert */
1331 PKT_public_key *pk =
1332 find_kbnode( keyblock, PKT_PUBLIC_KEY
1333 ) ->pkt->pkt.public_key;
1334 rc = insert_trust_record( pk );
1335 if( rc && !pk->local_id ) {
1336 log_error(_("lid ?: insert failed: %s\n"),
1341 log_error(_("lid %lu: insert failed: %s\n"),
1342 pk->local_id, g10_errstr(rc) );
1347 log_info(_("lid %lu: inserted\n"), pk->local_id );
1352 log_error(_("lid %lu: update failed: %s\n"),
1353 lid_from_keyblock(keyblock), g10_errstr(rc) );
1356 else if( modified ) {
1358 log_info(_("lid %lu: updated\n"), lid_from_keyblock(keyblock));
1361 else if( opt.verbose > 1 )
1362 log_info(_("lid %lu: okay\n"), lid_from_keyblock(keyblock) );
1364 release_kbnode( keyblock ); keyblock = NULL;
1365 if( !(++count % 100) )
1366 log_info(_("%lu keys so far processed\n"), count);
1368 log_info(_("%lu keys processed\n"), count);
1370 log_info(_("\t%lu keys with errors\n"), err_count);
1372 log_info(_("\t%lu keys updated\n"), upd_count);
1374 log_info(_("\t%lu keys inserted\n"), new_count);
1376 if( rc && rc != -1 )
1377 log_error(_("enumerate keyblocks failed: %s\n"), g10_errstr(rc));
1379 enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
1380 release_kbnode( keyblock );
1386 * Get the trustlevel for this PK.
1387 * Note: This does not ask any questions
1388 * Returns: 0 okay of an errorcode
1390 * It operates this way:
1391 * locate the pk in the trustdb
1393 * Do we have a valid cache record for it?
1394 * yes: return trustlevel from cache
1395 * no: make a cache record and all the other stuff
1397 * try to insert the pubkey into the trustdb and check again
1399 * Problems: How do we get the complete keyblock to check that the
1400 * cache record is actually valid? Think we need a clever
1401 * cache in getkey.c to keep track of this stuff. Maybe it
1402 * is not necessary to check this if we use a local pubring. Hmmmm.
1405 check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
1408 unsigned trustlevel = TRUST_UNKNOWN;
1414 keyid_from_pk( pk, keyid );
1416 /* get the pubkey record */
1417 if( pk->local_id ) {
1418 read_record( pk->local_id, &rec, RECTYPE_DIR );
1420 else { /* no local_id: scan the trustdb */
1421 if( (rc=tdbio_search_dir_bypk( pk, &rec )) && rc != -1 ) {
1422 log_error(_("check_trust: search dir record failed: %s\n"),
1426 else if( rc == -1 ) { /* not found - insert */
1427 rc = insert_trust_record( pk );
1429 log_error(_("key %08lX: insert trust record failed: %s\n"),
1430 (ulong)keyid[1], g10_errstr(rc));
1433 log_info(_("key %08lX.%lu: inserted into trustdb\n"),
1434 (ulong)keyid[1], pk->local_id );
1435 /* and re-read the dir record */
1436 read_record( pk->local_id, &rec, RECTYPE_DIR );
1439 cur_time = make_timestamp();
1440 if( pk->timestamp > cur_time ) {
1441 log_info(_("key %08lX.%lu: created in future "
1442 "(time warp or clock problem)\n"),
1443 (ulong)keyid[1], pk->local_id );
1444 return G10ERR_TIME_CONFLICT;
1447 if( pk->expiredate && pk->expiredate <= cur_time ) {
1448 log_info(_("key %08lX.%lu: expired at %s\n"),
1449 (ulong)keyid[1], pk->local_id,
1450 asctimestamp( pk->expiredate) );
1451 trustlevel = TRUST_EXPIRED;
1454 rc = do_check( &rec, &trustlevel );
1456 log_error(_("key %08lX.%lu: trust check failed: %s\n"),
1457 (ulong)keyid[1], pk->local_id, g10_errstr(rc));
1465 log_debug("check_trust() returns trustlevel %04x.\n", trustlevel);
1466 *r_trustlevel = trustlevel;
1472 query_trust_info( PKT_public_key *pk )
1474 unsigned trustlevel;
1477 if( check_trust( pk, &trustlevel ) )
1479 if( trustlevel & TRUST_FLAG_REVOKED )
1481 switch( (trustlevel & TRUST_MASK) ) {
1482 case TRUST_UNKNOWN: c = 'o'; break;
1483 case TRUST_EXPIRED: c = 'e'; break;
1484 case TRUST_UNDEFINED: c = 'q'; break;
1485 case TRUST_NEVER: c = 'n'; break;
1486 case TRUST_MARGINAL: c = 'm'; break;
1487 case TRUST_FULLY: c = 'f'; break;
1488 case TRUST_ULTIMATE: c = 'u'; break;
1497 * Enumerate all keys, which are needed to build all trust paths for
1498 * the given key. This function does not return the key itself or
1501 * 1) create a void pointer and initialize it to NULL
1502 * 2) pass this void pointer by reference to this function.
1503 * Set lid to the key you want to enumerate and pass it by reference.
1504 * 3) call this function as long as it does not return -1
1505 * to indicate EOF. LID does contain the next key used to build the web
1506 * 4) Always call this function a last time with LID set to NULL,
1507 * so that it can free its context.
1510 enum_trust_web( void **context, ulong *lid )
1519 TRUST_INFO *tmppath;
1520 TRUST_SEG_LIST trust_seg_list, tsl, tsl2;
1521 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
1526 ctx = m_alloc_clear( sizeof *ctx );
1528 /* collect the paths */
1529 read_record( *lid, &rec, RECTYPE_DIR );
1530 tmppath = m_alloc_clear( (MAX_CERT_DEPTH+1)* sizeof *tmppath );
1531 trust_seg_list = NULL;
1532 collect_paths( 0, MAX_CERT_DEPTH, 1, &rec, tmppath, &trust_seg_list );
1534 /* and now print them */
1535 for(tsl = trust_seg_list; tsl; tsl = tsl->next ) {
1536 print_path( tsl->pathlen, tsl->path );
1542 if( !lid ) { /* release the context */
1544 /* release the list */
1545 for(tsl = trust_seg_list; tsl; tsl = tsl2 ) {
1549 trust_seg_list = NULL;
1552 return -1; /* eof */
1557 * Return the assigned ownertrust value for the given LID
1560 get_ownertrust( ulong lid )
1564 read_record( lid, &rec, RECTYPE_DIR );
1565 return rec.r.dir.ownertrust;
1569 get_ownertrust_info( ulong lid )
1574 otrust = get_ownertrust( lid );
1575 switch( (otrust & TRUST_MASK) ) {
1576 case TRUST_NEVER: c = 'n'; break;
1577 case TRUST_MARGINAL: c = 'm'; break;
1578 case TRUST_FULLY: c = 'f'; break;
1579 case TRUST_ULTIMATE: c = 'u'; break;
1580 default: c = '-'; break;
1587 get_pref_data( ulong lid, const byte *namehash, size_t *ret_n )
1592 read_record( lid, &rec, RECTYPE_DIR );
1593 for( recno=rec.r.dir.uidlist; recno; recno = rec.r.uid.next ) {
1594 read_record( recno, &rec, RECTYPE_UID );
1595 if( rec.r.uid.prefrec
1596 && ( !namehash || !memcmp(namehash, rec.r.uid.namehash, 20) )) {
1598 /* found the correct one or the first one */
1599 read_record( rec.r.uid.prefrec, &rec, RECTYPE_PREF );
1600 if( rec.r.pref.next )
1601 log_info(_("WARNING: can't yet handle long pref records\n"));
1602 buf = m_alloc( ITEMS_PER_PREF_RECORD );
1603 memcpy( buf, rec.r.pref.data, ITEMS_PER_PREF_RECORD );
1604 *ret_n = ITEMS_PER_PREF_RECORD;
1614 * Check whether the algorithm is in one of the pref records
1617 is_algo_in_prefs( ulong lid, int preftype, int algo )
1624 read_record( lid, &rec, RECTYPE_DIR );
1625 for( recno=rec.r.dir.uidlist; recno; recno = rec.r.uid.next ) {
1626 read_record( recno, &rec, RECTYPE_UID );
1627 if( rec.r.uid.prefrec ) {
1628 read_record( rec.r.uid.prefrec, &rec, RECTYPE_PREF );
1629 if( rec.r.pref.next )
1630 log_info(_("WARNING: can't yet handle long pref records\n"));
1631 pref = rec.r.pref.data;
1632 for(i=0; i+1 < ITEMS_PER_PREF_RECORD; i+=2 ) {
1633 if( pref[i] == preftype && pref[i+1] == algo )
1643 get_dir_record( PKT_public_key *pk, TRUSTREC *rec )
1647 if( pk->local_id ) {
1648 read_record( pk->local_id, rec, RECTYPE_DIR );
1650 else { /* no local_id: scan the trustdb */
1651 if( (rc=tdbio_search_dir_bypk( pk, rec )) && rc != -1 )
1652 log_error(_("get_dir_record: search_record failed: %s\n"),
1661 * This function simply looks for the key in the trustdb
1662 * and makes sure that pk->local_id is set to the coreect value.
1668 query_trust_record( PKT_public_key *pk )
1671 return get_dir_record( pk, &rec );
1674 /* FIXME: Brauchen wir das?? */
1676 clear_trust_checked_flag( PKT_public_key *pk )
1681 rc = get_dir_record( pk, &rec );
1685 if( !(rec.r.dir.dirflags & DIRF_CHECKED) )
1688 /* reset the flag */
1689 rec.r.dir.dirflags &= ~DIRF_CHECKED;
1690 write_record( &rec );
1699 check_hint_sig( ulong lid, KBNODE keyblock, u32 *keyid, byte *uidrec_hash,
1700 TRUSTREC *sigrec, int sigidx, ulong hint_owner )
1706 PKT_signature *sigpkt = NULL;
1711 if( sigrec->r.sig.sig[sigidx].flag & SIGF_CHECKED )
1712 log_info(_("NOTE: sig rec %lu[%d] in hintlist "
1713 "of %lu but marked as checked\n"),
1714 sigrec->recnum, sigidx, hint_owner );
1715 if( !(sigrec->r.sig.sig[sigidx].flag & SIGF_NOPUBKEY) )
1716 log_info(_("NOTE: sig rec %lu[%d] in hintlist "
1717 "of %lu but not marked\n"),
1718 sigrec->recnum, sigidx, hint_owner );
1720 read_record( sigrec->r.sig.sig[sigidx].lid, &tmp, 0 );
1721 if( tmp.rectype != RECTYPE_DIR ) {
1722 /* we need the dir record */
1723 log_error(_("sig rec %lu[%d] in hintlist "
1724 "of %lu does not point to a dir record\n"),
1725 sigrec->recnum, sigidx, hint_owner );
1728 if( !tmp.r.dir.keylist ) {
1729 log_error(_("lid %lu: no primary key\n"), tmp.r.dir.lid );
1732 read_record(tmp.r.dir.keylist, &tmp, RECTYPE_KEY );
1733 keyid_from_fingerprint( tmp.r.key.fingerprint,
1734 tmp.r.key.fingerprint_len, sigkid );
1737 /* find the correct signature packet */
1739 for( node=keyblock; node; node = node->next ) {
1740 if( node->pkt->pkttype == PKT_USER_ID ) {
1741 PKT_user_id *uidpkt = node->pkt->pkt.user_id;
1745 rmd160_hash_buffer( uhash, uidpkt->name, uidpkt->len );
1746 if( !memcmp( uhash, uidrec_hash, 20 ) )
1749 else if( state && node->pkt->pkttype == PKT_SIGNATURE ) {
1750 sigpkt = node->pkt->pkt.signature;
1751 if( sigpkt->keyid[0] == sigkid[0]
1752 && sigpkt->keyid[1] == sigkid[1]
1753 && ( (sigpkt->sig_class&~3) == 0x10
1754 || ( revoke = (sigpkt->sig_class == 0x30)) ) ) {
1762 log_info(_("lid %lu: user id not found in keyblock\n"), lid );
1766 log_info(_("lid %lu: user id without signature\n"), lid );
1770 /* and check the sig */
1771 rc = check_key_signature( keyblock, node, &is_selfsig );
1773 log_error(_("lid %lu: self-signature in hintlist\n"), lid );
1777 /* FiXME: handling fo SIGF_REVOKED is not correct! */
1779 if( !rc ) { /* valid signature */
1781 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
1782 (ulong)keyid[1], lid, uhash[18], uhash[19],
1783 (ulong)sigpkt->keyid[1],
1784 revoke? _("Valid certificate revocation")
1785 : _("Good certificate") );
1786 sigrec->r.sig.sig[sigidx].flag = SIGF_CHECKED | SIGF_VALID;
1788 sigrec->r.sig.sig[sigidx].flag |= SIGF_REVOKED;
1790 else if( rc == G10ERR_NO_PUBKEY ) {
1791 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
1792 (ulong)keyid[1], lid, uhash[18], uhash[19],
1793 (ulong)sigpkt->keyid[1],
1794 _("very strange: no public key\n") );
1795 sigrec->r.sig.sig[sigidx].flag = SIGF_NOPUBKEY;
1798 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
1799 (ulong)keyid[1], lid, uhash[18], uhash[19],
1800 (ulong)sigpkt->keyid[1], g10_errstr(rc) );
1801 sigrec->r.sig.sig[sigidx].flag = SIGF_CHECKED;
1808 * Process a hintlist.
1809 * Fixme: this list is not anymore anchored to another
1810 * record, so it should be put elsewehere in case of an error
1813 process_hintlist( ulong hintlist, ulong hint_owner )
1818 for( hlst_rn = hintlist; hlst_rn; ) {
1822 read_record( hlst_rn, &hlstrec, RECTYPE_HLST );
1824 for( hlst_idx=0; hlst_idx < ITEMS_PER_HLST_RECORD; hlst_idx++ ) {
1828 KBNODE keyblock = NULL;
1833 lid = hlstrec.r.hlst.rnum[hlst_idx];
1837 read_record( lid, &dirrec, 0 );
1838 /* make sure it points to a dir record:
1839 * this should be true because it only makes sense to
1840 * call this function if the dir record is available */
1841 if( dirrec.rectype != RECTYPE_DIR ) {
1842 log_error(_("hintlist %lu[%d] of %lu "
1843 "does not point to a dir record\n"),
1844 hlst_rn, hlst_idx, hint_owner );
1847 if( !dirrec.r.dir.keylist ) {
1848 log_error(_("lid %lu does not have a key\n"), lid );
1852 /* get the keyblock */
1853 read_record( dirrec.r.dir.keylist, &tmprec, RECTYPE_KEY );
1854 rc = get_keyblock_byfprint( &keyblock,
1855 tmprec.r.key.fingerprint,
1856 tmprec.r.key.fingerprint_len );
1858 log_error(_("lid %lu: can't get keyblock: %s\n"),
1859 lid, g10_errstr(rc) );
1862 keyid_from_fingerprint( tmprec.r.key.fingerprint,
1863 tmprec.r.key.fingerprint_len, keyid );
1865 /* Walk over all user ids and their signatures and check all
1866 * the signature which are created by hint_owner */
1867 for( r1 = dirrec.r.dir.uidlist; r1; r1 = uidrec.r.uid.next ) {
1870 read_record( r1, &uidrec, RECTYPE_UID );
1871 for( r2 = uidrec.r.uid.siglist; r2; r2 = sigrec.r.sig.next ) {
1874 read_record( r2, &sigrec, RECTYPE_SIG );
1876 for(i=0; i < SIGS_PER_RECORD; i++ ) {
1877 if( !sigrec.r.sig.sig[i].lid )
1878 continue; /* skip deleted sigs */
1879 if( sigrec.r.sig.sig[i].lid != hint_owner )
1880 continue; /* not for us */
1881 /* some diagnostic messages */
1882 /* and do the signature check */
1883 check_hint_sig( lid, keyblock, keyid,
1884 uidrec.r.uid.namehash,
1885 &sigrec, i, hint_owner );
1888 write_record( &sigrec );
1891 release_kbnode( keyblock );
1892 } /* loop over hlst entries */
1894 /* delete this hlst record */
1895 hlst_rn = hlstrec.r.hlst.next;
1896 delete_record( hlstrec.recnum );
1897 } /* loop over hintlist */
1902 * Create or update shadow dir record and return the LID of the record
1905 create_shadow_dir( PKT_signature *sig, ulong lid )
1907 TRUSTREC sdir, hlst, tmphlst;
1908 ulong recno, newlid;
1909 int tmpidx=0; /* avoids gcc warnign - this is controlled by tmphlst */
1912 /* first see whether we already have such a record */
1913 rc = tdbio_search_sdir( sig->keyid, sig->pubkey_algo, &sdir );
1914 if( rc && rc != -1 ) {
1915 log_error(_("tdbio_search_dir failed: %s\n"), g10_errstr(rc));
1918 if( rc == -1 ) { /* not found: create */
1919 memset( &sdir, 0, sizeof sdir );
1920 sdir.recnum = tdbio_new_recnum();
1921 sdir.rectype= RECTYPE_SDIR;
1922 sdir.r.sdir.lid = sdir.recnum;
1923 sdir.r.sdir.keyid[0] = sig->keyid[0];
1924 sdir.r.sdir.keyid[1] = sig->keyid[1];
1925 sdir.r.sdir.pubkey_algo = sig->pubkey_algo;
1926 sdir.r.sdir.hintlist = 0;
1927 write_record( &sdir );
1929 newlid = sdir.recnum;
1930 /* Put the record number into the hintlist.
1931 * (It is easier to use the lid and not the record number of the
1932 * key to save some space (assuming that a signator has
1933 * signed more than one user id - and it is easier to implement.)
1936 for( recno=sdir.r.sdir.hintlist; recno; recno = hlst.r.hlst.next) {
1938 read_record( recno, &hlst, RECTYPE_HLST );
1939 for( i=0; i < ITEMS_PER_HLST_RECORD; i++ ) {
1940 if( !hlst.r.hlst.rnum[i] ) {
1941 if( !tmphlst.recnum ) {
1946 else if( hlst.r.hlst.rnum[i] == lid )
1947 return newlid; /* the signature is already in the hintlist */
1950 /* not yet in the hint list, write it */
1951 if( tmphlst.recnum ) { /* we have an empty slot */
1952 tmphlst.r.hlst.rnum[tmpidx] = lid;
1953 write_record( &tmphlst );
1955 else { /* must append a new hlst record */
1956 memset( &hlst, 0, sizeof hlst );
1957 hlst.recnum = tdbio_new_recnum();
1958 hlst.rectype = RECTYPE_HLST;
1959 hlst.r.hlst.next = sdir.r.sdir.hintlist;
1960 hlst.r.hlst.rnum[0] = lid;
1961 write_record( &hlst );
1962 sdir.r.sdir.hintlist = hlst.recnum;
1963 write_record( &sdir );
1971 * This function checks the given public key and inserts or updates
1972 * the keyrecord from the trustdb. Revocation certificates
1973 * are handled here and the keybinding of subkeys is checked.
1974 * Hmmm: Should we check here, that the key has at least one valid
1975 * user ID or do we allow keys w/o user ID?
1977 * keyblock points to the first node in the keyblock,
1978 * keynode is the node with the public key to check
1979 * (either primary or secondary), keyid is the keyid of
1980 * the primary key, drec is the directory record and recno_list
1981 * is a list used to keep track of visited records.
1982 * Existing keyflags are recalculated if recheck is true.
1985 upd_key_record( KBNODE keyblock, KBNODE keynode, u32 *keyid,
1986 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck )
1990 PKT_public_key *pk = keynode->pkt->pkt.public_key;
1991 ulong lid = drec->recnum;
1992 byte fpr[MAX_FINGERPRINT_LEN];
1994 ulong recno, newrecno;
1995 int keybind_seen = 0;
1996 int revoke_seen = 0;
1999 fingerprint_from_pk( pk, fpr, &fprlen );
2000 /* do we already have this key? */
2001 for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) {
2002 read_record( recno, &krec, RECTYPE_KEY );
2003 if( krec.r.key.fingerprint_len == fprlen
2004 && !memcmp( krec.r.key.fingerprint, fpr, fprlen ) )
2007 if( recno ) { /* yes */
2008 ins_recno_list( recno_list, recno, RECTYPE_KEY );
2010 else { /* no: insert this new key */
2012 memset( &krec, 0, sizeof(krec) );
2013 krec.rectype = RECTYPE_KEY;
2014 krec.r.key.lid = lid;
2015 krec.r.key.pubkey_algo = pk->pubkey_algo;
2016 krec.r.key.fingerprint_len = fprlen;
2017 memcpy(krec.r.key.fingerprint, fpr, fprlen );
2018 krec.recnum = newrecno = tdbio_new_recnum();
2019 write_record( &krec );
2020 ins_recno_list( recno_list, newrecno, RECTYPE_KEY );
2021 /* and put this new record at the end of the keylist */
2022 if( !(recno=drec->r.dir.keylist) ) {
2023 /* this is the first key */
2024 drec->r.dir.keylist = newrecno;
2027 else { /* we already have a key, append the new one */
2028 TRUSTREC save = krec;
2029 for( ; recno; recno = krec.r.key.next )
2030 read_record( recno, &krec, RECTYPE_KEY );
2031 krec.r.key.next = newrecno;
2032 write_record( &krec );
2037 if( !recheck && (krec.r.key.keyflags & KEYF_CHECKED) )
2040 /* check keybindings and revocations */
2041 krec.r.key.keyflags = 0;
2042 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY ) {
2043 /* we assume that a primary key is always valid
2044 * and check later whether we have a revocation */
2045 krec.r.key.keyflags |= KEYF_CHECKED | KEYF_VALID;
2048 for( node=keynode->next; node; node = node->next ) {
2051 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2053 else if( node->pkt->pkttype != PKT_SIGNATURE )
2056 sig = node->pkt->pkt.signature;
2058 if( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
2059 continue; /* not a self signature */
2060 if( sig->sig_class == 0x18 && !keybind_seen ) { /* a keybinding */
2061 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY )
2062 continue; /* oops, not for a main key */
2063 /* we check until we find a valid keybinding */
2064 rc = check_key_signature( keyblock, node, NULL );
2068 "key %08lX.%lu: Good subkey binding\n"),
2069 (ulong)keyid_from_pk(pk,NULL), lid );
2070 krec.r.key.keyflags |= KEYF_CHECKED | KEYF_VALID;
2074 "key %08lX.%lu: Invalid subkey binding: %s\n"),
2075 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2076 krec.r.key.keyflags |= KEYF_CHECKED;
2077 krec.r.key.keyflags &= ~KEYF_VALID;
2081 else if( sig->sig_class == 0x20 && !revoke_seen ) {
2082 if( keynode->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2083 continue; /* a subkey is not expected here */
2084 /* This is a key revocation certificate: check it */
2085 rc = check_key_signature( keyblock, node, NULL );
2089 "key %08lX.%lu: Valid key revocation\n"),
2090 (ulong)keyid_from_pk(pk,NULL), lid );
2091 krec.r.key.keyflags |= KEYF_REVOKED;
2095 "key %08lX.%lu: Invalid key revocation: %s\n"),
2096 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2100 else if( sig->sig_class == 0x28 && !revoke_seen ) {
2101 if( keynode->pkt->pkttype == PKT_PUBLIC_KEY )
2102 continue; /* a mainkey is not expected here */
2103 /* This is a subkey revocation certificate: check it */
2104 /* fixme: we should also check the revocation
2105 * is newer than the key (OpenPGP) */
2106 rc = check_key_signature( keyblock, node, NULL );
2110 "key %08lX.%lu: Valid subkey revocation\n"),
2111 (ulong)keyid_from_pk(pk,NULL), lid );
2112 krec.r.key.keyflags |= KEYF_REVOKED;
2116 "key %08lX.%lu: Invalid subkey binding: %s\n"),
2117 (ulong)keyid_from_pk(pk,NULL), lid, g10_errstr(rc) );
2123 write_record( &krec );
2128 * This function checks the given user ID and inserts or updates
2129 * the uid record of the trustdb. Revocation certificates
2132 * keyblock points to the first node in the keyblock,
2133 * uidnode is the node with the user id to check
2134 * keyid is the keyid of
2135 * the primary key, drec is the directory record and recno_list
2136 * is a list used to keep track of visited records.
2137 * Existing uidflags are recalculated if recheck is true.
2140 upd_uid_record( KBNODE keyblock, KBNODE uidnode, u32 *keyid,
2141 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck )
2143 ulong lid = drec->recnum;
2144 PKT_user_id *uid = uidnode->pkt->pkt.user_id;
2146 PKT_signature *selfsig = NULL;
2149 ulong recno, newrecno;
2152 /* see whether we already have an uid record */
2153 rmd160_hash_buffer( uidhash, uid->name, uid->len );
2154 for( recno=drec->r.dir.uidlist; recno; recno = urec.r.uid.next ) {
2155 read_record( recno, &urec, RECTYPE_UID );
2156 if( !memcmp( uidhash, urec.r.uid.namehash, 20 ) )
2159 if( recno ) { /* we already have this record */
2160 ins_recno_list( recno_list, recno, RECTYPE_UID );
2162 else { /* new user id */
2164 memset( &urec, 0 , sizeof(urec) );
2165 urec.rectype = RECTYPE_UID;
2166 urec.r.uid.lid = drec->recnum;
2167 memcpy(urec.r.uid.namehash, uidhash, 20 );
2168 urec.recnum = newrecno = tdbio_new_recnum();
2169 write_record( &urec );
2170 ins_recno_list( recno_list, newrecno, RECTYPE_UID );
2171 /* and put this new record at the end of the uidlist */
2172 if( !(recno=drec->r.dir.uidlist) ) { /* this is the first uid */
2173 drec->r.dir.uidlist = newrecno;
2176 else { /* we already have an uid, append it to the list */
2177 TRUSTREC save = urec;
2178 for( ; recno; recno = urec.r.key.next )
2179 read_record( recno, &urec, RECTYPE_UID );
2180 urec.r.uid.next = newrecno;
2181 write_record( &urec );
2186 if( recheck || !(urec.r.uid.uidflags & UIDF_CHECKED) ) {
2187 /* check self signatures */
2188 urec.r.uid.uidflags = 0;
2189 for( node=uidnode->next; node; node = node->next ) {
2192 if( node->pkt->pkttype == PKT_USER_ID )
2194 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2196 if( node->pkt->pkttype != PKT_SIGNATURE )
2199 sig = node->pkt->pkt.signature;
2201 if( keyid[0] != sig->keyid[0] || keyid[1] != sig->keyid[1] )
2202 continue; /* not a self signature */
2204 if( (sig->sig_class&~3) == 0x10 ) { /* regular self signature */
2205 rc = check_key_signature( keyblock, node, NULL );
2208 log_info( "uid %08lX.%lu/%02X%02X: %s\n",
2209 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2210 _("Good self-signature") );
2211 urec.r.uid.uidflags |= UIDF_CHECKED | UIDF_VALID;
2213 selfsig = sig; /* use the first valid sig */
2216 log_info( "uid %08lX/%02X%02X: %s: %s\n",
2217 (ulong)keyid[1], uidhash[18], uidhash[19],
2218 _("Invalid self-signature"),
2220 urec.r.uid.uidflags |= UIDF_CHECKED;
2223 else if( sig->sig_class == 0x30 ) { /* cert revocation */
2224 rc = check_key_signature( keyblock, node, NULL );
2227 log_info( "uid %08lX.%lu/%02X%02X: %s\n",
2228 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2229 _("Valid user ID revocation\n") );
2230 urec.r.uid.uidflags |= UIDF_CHECKED | UIDF_VALID;
2231 urec.r.uid.uidflags |= UIDF_REVOKED;
2234 log_info("uid %08lX/%02X%02X: %s: %s\n",
2235 (ulong)keyid[1], uidhash[18], uidhash[19],
2236 _("Invalid user ID revocation"),
2241 write_record( &urec );
2242 } /* end check self-signatures */
2245 if( (urec.r.uid.uidflags & (UIDF_CHECKED|UIDF_VALID))
2246 != (UIDF_CHECKED|UIDF_VALID) )
2247 return; /* user ID is not valid, so no need to check more things */
2249 /* check the preferences */
2251 upd_pref_record( &urec, keyid, selfsig );
2253 /* check non-self signatures */
2254 for( node=uidnode->next; node; node = node->next ) {
2257 if( node->pkt->pkttype == PKT_USER_ID )
2259 if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2261 if( node->pkt->pkttype != PKT_SIGNATURE )
2264 sig = node->pkt->pkt.signature;
2266 if( keyid[0] == sig->keyid[0] || keyid[1] == sig->keyid[1] )
2267 continue; /* skip self signature */
2269 if( (sig->sig_class&~3) == 0x10 ) { /* regular certification */
2270 upd_cert_record( keyblock, node, keyid, drec, recno_list,
2271 recheck, &urec, uidhash, 0 );
2273 else if( sig->sig_class == 0x30 ) { /* cert revocation */
2274 upd_cert_record( keyblock, node, keyid, drec, recno_list,
2275 recheck, &urec, uidhash, 1 );
2277 } /* end check certificates */
2279 write_record( &urec );
2289 upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig )
2292 sigsubpkttype_t subpkttype;
2295 { SIGSUBPKT_PREF_SYM, PREFTYPE_SYM },
2296 { SIGSUBPKT_PREF_HASH, PREFTYPE_HASH },
2297 { SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR },
2301 ulong lid = urec->r.uid.lid ;
2302 const byte *uidhash = urec->r.uid.namehash;
2307 byte prefs_sig[200];
2308 int n_prefs_sig = 0;
2309 byte prefs_rec[200];
2310 int n_prefs_rec = 0;
2312 /* check for changed preferences */
2313 for(k=0; ptable[k].subpkttype; k++ ) {
2314 s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
2316 if( n_prefs_sig >= DIM(prefs_sig)-1 ) {
2317 log_info("uid %08lX.%lu/%02X%02X: %s\n",
2318 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2319 _("Too many preferences") );
2322 prefs_sig[n_prefs_sig++] = ptable[k].preftype;
2323 prefs_sig[n_prefs_sig++] = *s;
2326 for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
2327 read_record( recno, &prec, RECTYPE_PREF );
2328 for(i = 0; i < ITEMS_PER_PREF_RECORD; i +=2 ) {
2329 if( n_prefs_rec >= DIM(prefs_rec)-1 ) {
2330 log_info("uid %08lX.%lu/%02X%02X: %s\n",
2331 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2332 _("Too many preference items") );
2335 prefs_rec[n_prefs_rec++] = prec.r.pref.data[i];
2336 prefs_rec[n_prefs_rec++] = prec.r.pref.data[i+1];
2339 if( n_prefs_sig == n_prefs_rec
2340 && !memcmp( prefs_sig, prefs_rec, n_prefs_sig ) )
2341 return; /* not chnaged */
2343 /* Preferences have changed: Delete all pref records
2344 * This is much simpler than checking whether we have to
2345 * do update the record at all - the record cache may care about it
2347 for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
2348 read_record( recno, &prec, RECTYPE_PREF );
2349 delete_record( recno );
2352 if( n_prefs_sig > ITEMS_PER_PREF_RECORD )
2353 log_info(_("WARNING: can't yet handle long pref records\n"));
2355 memset( &prec, 0, sizeof prec );
2356 prec.recnum = tdbio_new_recnum();
2357 prec.rectype = RECTYPE_PREF;
2358 prec.r.pref.lid = lid;
2359 if( n_prefs_sig <= ITEMS_PER_PREF_RECORD )
2360 memcpy( prec.r.pref.data, prefs_sig, n_prefs_sig );
2361 else { /* need more than one pref record */
2364 int n = n_prefs_sig;
2365 byte *pp = prefs_sig;
2367 memcpy( prec.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
2368 n -= ITEMS_PER_PREF_RECORD;
2369 pp += ITEMS_PER_PREF_RECORD;
2370 nextrn = prec.r.pref.next = tdbio_new_recnum();
2372 memset( &tmp, 0, sizeof tmp );
2373 tmp.recnum = nextrn;
2374 tmp.rectype = RECTYPE_PREF;
2375 tmp.r.pref.lid = lid;
2376 if( n <= ITEMS_PER_PREF_RECORD ) {
2377 memcpy( tmp.r.pref.data, pp, n );
2381 memcpy( tmp.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
2382 n -= ITEMS_PER_PREF_RECORD;
2383 pp += ITEMS_PER_PREF_RECORD;
2384 nextrn = tmp.r.pref.next = tdbio_new_recnum();
2386 write_record( &tmp );
2389 write_record( &prec );
2390 urec->r.uid.prefrec = prec.recnum;
2397 upd_cert_record( KBNODE keyblock, KBNODE signode, u32 *keyid,
2398 TRUSTREC *drec, RECNO_LIST *recno_list, int recheck,
2399 TRUSTREC *urec, const byte *uidhash, int revoke )
2401 /* We simply insert the signature into the sig records but
2402 * avoid duplicate ones. We do not check them here because
2403 * there is a big chance, that we import required public keys
2404 * later. The problem with this is that we must somewhere store
2405 * the information about this signature (we need a record id).
2406 * We do this by using the record type shadow dir, which will
2407 * be converted to a dir record as soon as a new public key is
2408 * inserted into the trustdb.
2410 ulong lid = drec->recnum;
2411 PKT_signature *sig = signode->pkt->pkt.signature;
2418 PKT_public_key *pk = m_alloc_clear( sizeof *pk );
2421 int found_delrec = 0;
2426 /* get the LID of the pubkey of the signature under verification */
2427 rc = get_pubkey( pk, sig->keyid );
2430 pk_lid = pk->local_id;
2432 rc = tdbio_search_dir_bypk( pk, &rec );
2434 pk_lid = rec.recnum;
2435 else if( rc == -1 ) { /* see whether there is a sdir instead */
2438 keyid_from_pk( pk, akid );
2439 rc = tdbio_search_sdir( akid, pk->pubkey_algo, &rec );
2441 pk_lid = rec.recnum;
2445 free_public_key( pk ); pk = NULL;
2447 /* Loop over all signatures just in case one is not correctly
2448 * marked. If we see the correct signature, set a flag.
2449 * delete duplicate signatures (should not happen but...) */
2450 for( recno = urec->r.uid.siglist; recno; recno = rec.r.sig.next ) {
2453 read_record( recno, &rec, RECTYPE_SIG );
2454 for(i=0; i < SIGS_PER_RECORD; i++ ) {
2456 if( !rec.r.sig.sig[i].lid ) {
2457 if( !found_delrec && !delrec.recnum ) {
2462 continue; /* skip deleted sigs */
2464 if( rec.r.sig.sig[i].lid == pk_lid ) {
2466 log_info( "sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2467 (ulong)keyid[1], lid, uidhash[18],
2468 uidhash[19], (ulong)sig->keyid[1],
2469 _("Duplicated certificate - deleted") );
2470 rec.r.sig.sig[i].lid = 0;
2476 if( !recheck && !revoke && (rec.r.sig.sig[i].flag & SIGF_CHECKED) )
2477 continue; /* we already checked this signature */
2478 if( !recheck && (rec.r.sig.sig[i].flag & SIGF_NOPUBKEY) )
2479 continue; /* we do not have the public key */
2481 read_record( rec.r.sig.sig[i].lid, &tmp, 0 );
2482 if( tmp.rectype == RECTYPE_DIR ) {
2483 /* In this case we should now be able to check the signature */
2484 rc = check_key_signature( keyblock, signode, NULL );
2485 if( !rc ) { /* valid signature */
2487 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2488 (ulong)keyid[1], lid, uidhash[18],
2489 uidhash[19], (ulong)sig->keyid[1],
2490 revoke? _("Valid certificate revocation")
2491 : _("Good certificate") );
2492 rec.r.sig.sig[i].flag = SIGF_CHECKED | SIGF_VALID;
2494 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2496 else if( rc == G10ERR_NO_PUBKEY ) {
2497 if( (rec.r.sig.sig[i].flag & SIGF_CHECKED) )
2498 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2499 (ulong)keyid[1], lid, uidhash[18],
2500 uidhash[19], (ulong)sig->keyid[1],
2501 _("Hmmm, public key lost?") );
2502 rec.r.sig.sig[i].flag = SIGF_NOPUBKEY;
2504 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2507 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s: %s\n",
2508 (ulong)keyid[1], lid, uidhash[18],
2509 uidhash[19], (ulong)sig->keyid[1],
2510 revoke? _("Invalid certificate revocation")
2511 : _("Invalid certificate"),
2513 rec.r.sig.sig[i].flag = SIGF_CHECKED;
2515 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2519 else if( tmp.rectype == RECTYPE_SDIR ) {
2520 /* must check that it is the right one */
2521 if( tmp.r.sdir.keyid[0] == sig->keyid[0]
2522 && tmp.r.sdir.keyid[1] == sig->keyid[1]
2523 && (!tmp.r.sdir.pubkey_algo
2524 || tmp.r.sdir.pubkey_algo == sig->pubkey_algo )) {
2525 if( !(rec.r.sig.sig[i].flag & SIGF_NOPUBKEY) )
2526 log_info(_("uid %08lX.%lu/%02X%02X: "
2527 "has shadow dir %lu but is not yet marked.\n"),
2528 (ulong)keyid[1], lid,
2529 uidhash[18], uidhash[19], tmp.recnum );
2530 rec.r.sig.sig[i].flag = SIGF_NOPUBKEY;
2532 rec.r.sig.sig[i].flag |= SIGF_REVOKED;
2534 /* fixme: should we verify that the record is
2535 * in the hintlist? - This case here should anyway
2540 log_error(_("sig record %lu[%d] points to wrong record.\n"),
2541 rec.r.sig.sig[i].lid, i );
2545 if( found_delrec && delrec.recnum ) {
2547 found_delrec = 0; /* we only want the first one */
2550 write_record( &rec );
2558 /* at this point, we have verified, that the signature is not in
2559 * our list of signatures. Add a new record with that signature
2560 * and if the public key is there, check the signature. */
2562 if( !pk_lid ) /* we have already seen that there is no pubkey */
2563 rc = G10ERR_NO_PUBKEY;
2565 rc = check_key_signature( keyblock, signode, NULL );
2567 if( !rc ) { /* valid signature */
2569 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2570 (ulong)keyid[1], lid, uidhash[18],
2571 uidhash[19], (ulong)sig->keyid[1],
2572 revoke? _("Valid certificate revocation")
2573 : _("Good certificate") );
2574 newlid = pk_lid; /* this is the pk of the signature */
2575 newflag = SIGF_CHECKED | SIGF_VALID;
2577 newflag |= SIGF_REVOKED;
2579 else if( rc == G10ERR_NO_PUBKEY ) {
2580 if( opt.verbose > 1 )
2581 log_info("sig %08lX.%lu/%02X%02X/%08lX: %s\n",
2582 (ulong)keyid[1], lid, uidhash[18],
2583 uidhash[19], (ulong)sig->keyid[1], g10_errstr(rc) );
2584 newlid = create_shadow_dir( sig, lid );
2585 newflag = SIGF_NOPUBKEY;
2587 newflag |= SIGF_REVOKED;
2590 log_info( "sig %08lX.%lu/%02X%02X/%08lX: %s: %s\n",
2591 (ulong)keyid[1], lid, uidhash[18], uidhash[19],
2592 (ulong)sig->keyid[1],
2593 revoke? _("Invalid certificate revocation")
2594 : _("Invalid certificate"),
2596 newlid = create_shadow_dir( sig, lid );
2597 newflag = SIGF_CHECKED;
2599 newflag |= SIGF_REVOKED;
2602 if( delrec.recnum ) { /* we can reuse a deleted/unused slot */
2603 delrec.r.sig.sig[delrecidx].lid = newlid;
2604 delrec.r.sig.sig[delrecidx].flag= newflag;
2605 write_record( &delrec );
2607 else { /* must insert a new sig record */
2610 memset( &tmp, 0, sizeof tmp );
2611 tmp.recnum = tdbio_new_recnum();
2612 tmp.rectype = RECTYPE_SIG;
2613 tmp.r.sig.lid = lid;
2614 tmp.r.sig.next = urec->r.uid.siglist;
2615 tmp.r.sig.sig[0].lid = newlid;
2616 tmp.r.sig.sig[0].flag= newflag;
2617 write_record( &tmp );
2618 urec->r.uid.siglist = tmp.recnum;
2625 * Update all the info from the public keyblock.
2626 * The key must already exist in the keydb.
2627 * This function is responsible for checking the signatures in cases
2628 * where the public key is already available. If we do not have the public
2629 * key, the check is done by some special code in insert_trust_record().
2632 update_trust_record( KBNODE keyblock, int recheck, int *modified )
2634 PKT_public_key *primary_pk;
2642 u32 keyid[2]; /* keyid of primary key */
2643 ulong recno, lastrecno;
2644 RECNO_LIST recno_list = NULL; /* list of verified records */
2645 /* fixme: replace recno_list by a lookup on node->recno */
2650 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
2651 primary_pk = node->pkt->pkt.public_key;
2652 rc = get_dir_record( primary_pk, &drec );
2655 if( !primary_pk->local_id )
2656 primary_pk->local_id = drec.recnum;
2658 keyid_from_pk( primary_pk, keyid );
2660 /* fixme: check that the keyblock has a valid structure */
2662 rc = tdbio_begin_transaction();
2666 /* update the keys */
2667 for( node=keyblock; node; node = node->next ) {
2668 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2669 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
2670 upd_key_record( keyblock, node, keyid,
2671 &drec, &recno_list, recheck );
2673 /* update the user IDs */
2674 for( node=keyblock; node; node = node->next ) {
2675 if( node->pkt->pkttype == PKT_USER_ID )
2676 upd_uid_record( keyblock, node, keyid,
2677 &drec, &recno_list, recheck );
2680 /* delete keyrecords from the trustdb which are not anymore used */
2681 /* should we really do this, or is it better to keep them and */
2682 /* mark as unused? */
2684 for( recno=drec.r.dir.keylist; recno; recno = krec.r.key.next ) {
2685 read_record( recno, &krec, RECTYPE_KEY );
2686 if( !qry_recno_list( recno_list, recno, RECTYPE_KEY ) ) {
2687 /* delete this one */
2689 drec.r.dir.keylist = krec.r.key.next;
2693 read_record( lastrecno, &helprec, RECTYPE_KEY );
2694 helprec.r.key.next = krec.r.key.next;
2695 write_record( &helprec );
2697 delete_record( recno );
2702 /* delete uid records and sig and their pref records from the
2703 * trustdb which are not anymore used */
2705 for( recno=drec.r.dir.uidlist; recno; recno = urec.r.uid.next ) {
2706 read_record( recno, &urec, RECTYPE_UID );
2707 if( !qry_recno_list( recno_list, recno, RECTYPE_UID ) ) {
2709 /* delete this one */
2711 drec.r.dir.uidlist = urec.r.uid.next;
2715 read_record( lastrecno, &helprec, RECTYPE_UID );
2716 helprec.r.uid.next = urec.r.uid.next;
2717 write_record( &helprec );
2719 for(r2=urec.r.uid.prefrec ; r2; r2 = prec.r.pref.next ) {
2720 read_record( r2, &prec, RECTYPE_PREF );
2721 delete_record( r2 );
2723 for(r2=urec.r.uid.siglist ; r2; r2 = helprec.r.sig.next ) {
2724 read_record( r2, &helprec, RECTYPE_SIG );
2725 delete_record( r2 );
2727 delete_record( recno );
2736 rc = tdbio_cancel_transaction();
2738 write_record( &drec );
2739 if( modified && tdbio_is_dirty() )
2741 rc = tdbio_end_transaction();
2743 rel_recno_list( &recno_list );
2749 * Insert a trust record into the TrustDB
2750 * This function assumes that the record does not yet exist.
2753 insert_trust_record( PKT_public_key *pk )
2757 KBNODE keyblock = NULL;
2759 byte fingerprint[MAX_FINGERPRINT_LEN];
2765 log_bug("pk->local_id=%lu\n", pk->local_id );
2767 fingerprint_from_pk( pk, fingerprint, &fingerlen );
2769 /* fixme: assert that we do not have this record.
2770 * we can do this by searching for the primary keyid
2772 * fixme: If there is no such key we should look whether one
2773 * of the subkeys has been used to sign another key and in this case
2774 * we got the key anyway. Because a secondary key can't be used
2775 * without a primary key (it is needed to bind the secondary one
2776 * to the primary one which has the user ids etc.)
2779 /* get the keyblock which has the key */
2780 rc = get_keyblock_byfprint( &keyblock, fingerprint, fingerlen );
2781 if( rc ) { /* that should never happen */
2782 log_error( _("insert_trust_record: keyblock not found: %s\n"),
2787 /* check that we used the primary key (we are little bit paranoid) */
2788 { PKT_public_key *a_pk;
2789 u32 akid[2], bkid[2];
2791 node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
2792 a_pk = node->pkt->pkt.public_key;
2794 /* we can't use cmp_public_keys here because some parts (expiredate)
2795 * might not be set in pk <--- but why (fixme) */
2796 keyid_from_pk( a_pk, akid );
2797 keyid_from_pk( pk, bkid );
2799 if( akid[0] != bkid[0] || akid[1] != bkid[1] ) {
2800 log_error(_("did not use primary key for insert_trust_record()\n"));
2801 rc = G10ERR_GENERAL;
2806 /* We have to look for a shadow dir record which must be reused
2807 * as the dir record. And: check all signatures which are listed
2808 * in the hintlist of the shadow dir record.
2810 rc = tdbio_search_sdir( pk->keyid, pk->pubkey_algo, &shadow );
2811 if( rc && rc != -1 ) {
2812 log_error(_("tdbio_search_dir failed: %s\n"), g10_errstr(rc));
2815 memset( &dirrec, 0, sizeof dirrec );
2816 dirrec.rectype = RECTYPE_DIR;
2818 /* hey, great: this key has already signed other keys
2819 * convert this to a real directory entry */
2820 hintlist = shadow.r.sdir.hintlist;
2821 dirrec.recnum = shadow.recnum;
2824 dirrec.recnum = tdbio_new_recnum();
2826 dirrec.r.dir.lid = dirrec.recnum;
2827 write_record( &dirrec );
2830 pk->local_id = dirrec.r.dir.lid;
2831 for( node=keyblock; node; node = node->next ) {
2832 if( node->pkt->pkttype == PKT_PUBLIC_KEY
2833 || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) {
2834 PKT_public_key *pk = node->pkt->pkt.public_key;
2835 pk->local_id = dirrec.r.dir.lid;
2837 else if( node->pkt->pkttype == PKT_SIGNATURE ) {
2838 PKT_signature *sig = node->pkt->pkt.signature;
2839 sig->local_id = dirrec.r.dir.lid;
2843 /* and put all the other stuff into the keydb */
2844 rc = update_trust_record( keyblock, 0, NULL );
2846 process_hintlist( hintlist, dirrec.r.dir.lid );
2849 if( rc && hintlist )
2850 ; /* fixme: the hintlist is not anymore anchored */
2851 release_kbnode( keyblock );
2858 update_ownertrust( ulong lid, unsigned new_trust )
2862 read_record( lid, &rec, RECTYPE_DIR );
2863 rec.r.dir.ownertrust = new_trust;
2864 write_record( &rec );
projects / gnupg.git / blob